Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 16 Jun 2012 05:19:56 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: phplist before 2.10.18 XSS and sql injection

http://www.exploit-db.com/exploits/18639/

cite from there:
"Desc: Input passed via the parameter 'sortby' is not properly
sanitised before being returned to the user or used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code. The param 'num' is vulnerable to a XSS issue
where the attacker can execute arbitrary HTML and script code in
a user's browser session in context of an affected site."

Upstreams release notes for 2.10.18:
http://www.phplist.com/?lid=567
mentions:
"This version fixes a few small bugs and a security issue that was
found. The security issues fixed require the administrator to be logged
in. Therefore the vulnerability can be classified as "intermediate".
There's no immediate danger of the vulnerabilities to be exploited
remotely."

Please assign two CVEs.

-- 
Hanno Böck		mail/jabber: hanno@...eck.de
GPG: BBB51E42		http://www.hboeck.de/

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.